Data encryption method and apparatus

ABSTRACT

A method and apparatus of encrypting data for transmission between first 1 and second 2 communication terminals in which information relating to a time at which a message sent from the first terminal is expected to arrive at the second terminal is determined by an exchange of messages between the first and second terminals. The data is encrypted at the first terminal using the determined information and is transmitted to the second terminal, where it is decrypted based on its actual arrival time.

The present invention relates to an apparatus and method for encryptingdata for transmission between first and second communication terminals,and a corresponding decryption method and apparatus.

A variety of encryption techniques are known for encrypting datatransmitted over a communications channel. The majority of thesetechniques are key based, relying on the receiving party possessing asecret key to decrypt encrypted transmissions. To provide a truly securechannel, the secret key generally needs to be provided at the receiverwithout transmitting it over the channel, since to do so wouldpotentially compromise the security of the channel. This may involvephysically carrying the encryption key to the receiving location. Thedisadvantage of requiring a physical key transfer is that it makes itvery difficult to establish dynamic communication channels, or to changethe encryption method frequently.

The present invention aims to address the above problems.

According to the invention, there is provided a method of encryptingdata for transmission between first and second communication terminals,the method comprising the steps of determining information relating to atime at which a message sent from the first terminal will arrive at thesecond terminal and encrypting the data at the first terminal using thedetermined information.

There is correspondingly provided a method of decrypting encrypted datareceived from a first communication terminal at a second communicationterminal, in which the data has been encrypted at the first terminalusing information relating to the time at which the data is expected tobe received at the second terminal, comprising the steps of receivingthe encrypted data at the second terminal, determining informationrelating to the time of receipt of the encrypted data and using thedetermined information to decrypt the encrypted data.

By encrypting the data based on its arrival time at the secondcommunication terminal, a secure channel can be established, since onlythe second communication terminal will receive the information at thedetermined time and therefore be able to decrypt it.

The step of determining the expected time of arrival at the secondterminal may comprise transmitting a first message from the firstcommunication terminal to the second communication terminal, receiving areply message from the second communication terminal, the reply messageincluding information relating to the receipt time of the first messageat the second terminal and information relating to a transmission timeof the reply message and determining the time of receipt of the replymessage at the first communication terminal. In combination with thetransmission time of the first message, this provides the informationrequired to calculate the expected time of arrival of a message sentfrom the first terminal to the second terminal.

According to the invention, there is also provided a method of settingup a secure channel between first and second communication terminals ina communication system, the method comprising the steps of receiving afirst message sent from the first terminal at the second terminal andtransmitting a second message from the second terminal to the firstterminal, including information relating to the time of arrival of thefirst message at the second terminal and the time of transmission of thesecond message from the second terminal to the first terminal.

A secure channel may therefore be set up by a simple message exchangebetween first and second terminals.

The method according to the invention may permit only the first terminalto acquire the information required to encrypt data for the secondterminal.

According to the invention, there is further provided a communicationsystem in which data is to be encrypted for transmission between firstand second communication terminals, the system comprising means fordetermining information relating to a time at which a message sent fromthe first terminal is expected to arrive at the second terminal andmeans for encrypting the data at the first terminal using the determinedinformation.

The first and second terminals may have first and second internal clocksrespectively, each of which generates a sequence of values correspondingto a time sequence. Since the clock values are constantly changing, anencryption method that relies on encrypting data based on an encryptionkey related to the expected clock value on receipt of the data, may havethe advantage that the encryption key may change on transmission of eachdata packet.

There is still further provided, in accordance with the invention, atransmitter configured to transmit encrypted data to a receiver, thetransmitter comprising means for determining information relating to atime at which a message sent from the transmitter is expected to arriveat the receiver and means for encrypting the data at the transmitterusing the determined information.

The invention also provides a receiver configured to decrypt data sentfrom a transmitter, wherein the data is encrypted using informationrelating to a time at which a message sent from the transmitter isexpected to arrive at the receiver, the receiver comprising means forreceiving the encrypted data, means for determining a time of arrival ofthe encrypted data and means for decrypting the encrypted data using thedetermined information.

Embodiments of the invention will now be described by way of example,with reference to the accompanying drawings, in which:

FIG. 1 is a schematic diagram of a communications system according tothe invention, including first and second communication terminals;

FIG. 2 is a schematic block diagram illustrating the internalarchitecture of each of the first and second communication terminals ofFIG. 1;

FIG. 3 is a flow diagram illustrating the encryption and correspondingdecryption of data transmitted between the first and second terminalsshown in FIG. 1; and

FIG. 4 is a schematic diagram illustrating clock sequences at each ofthe first and second communication terminals.

Referring to FIG. 1, a system according to the invention comprises firstand second wireless user terminals 1, 2 communicating via acommunications network 3 under the control of a base station 4, usingany available communications protocol, including but not limited to GSMand UMTS. Each of the first and second user terminals 1, 2 has arespective internal clock 5 a, 5 b, which maintains an internal timereference.

The internal architecture of each of the user terminals 1, 2 is shown inblock diagram form in FIG. 2. Each terminal includes a clock circuit 5a, 5 b, a processor 6, radio interface circuitry 7, an antenna 8, memory9, input/output circuitry 10, including for example, a display, keypad,speaker and microphone, voice circuits 11, authentication circuitry 12,including for example a SIM card and reader, and a battery 13.

The way in which the user terminal described above communicates withother user terminals in accordance with any particular protocol is wellknown and will not be described in detail further.

The internal clock circuits 5 a, 5 b shown in FIG. 2 generate a clocksequence which is not synchronised with and therefore independent of theclock sequence of any other user terminal, depending, for example, onwhen each user terminal is switched on. Each user terminal therefore hasa different perception of time. To permit encryption in accordance withthe invention, the first user terminal 1 must first acquire the seconduser terminal's 2 time perception.

FIG. 3 illustrates steps carried out by the circuitry of FIG. 2 underthe control of the processor 6 based, for example, on software stored inthe memory 9. Referring to FIG. 3, the first user terminal 1 transmits anon-secure message to the second user terminal 2 at a transmission timedesignated t_(1T) according to the first user terminal's clock 5 a (steps1). The transmission time is encoded into the message. The suffix ‘1T’indicates transmission from the first terminal 1. The message isreceived at the second terminal 2 (step s2), which notes the time ofarrival, designated t_(2R) (step s3). The suffix ‘2R’ indicates that themessage has been received at the second terminal 2. The second terminal2 then replies to the first terminal 1 with a message including theinitial transmission time t_(1T), the time of arrival t_(2R) and thetime of transmission of the reply message t_(2T) (step s4). This replymessage is received at the first terminal 1 at time t_(1R) (step s5).The first terminal 1 now has sufficient information to calculate theoffset between the respective clocks 5 a, 5 b, also referred to hereinas the transmit 5 a and receive 5 b clocks.

In an alternative example, which may enhance the security of the systemfurther, the initial transmission time t_(1T) is not included in themessage sent from the first terminal, but is stored at the firstterminal 1. When a reply message is received from the second terminal 2,the first terminal 1 retrieves the transmission time of the initialmessage corresponding to the reply message. This can be achieved by anymethod that allows the first terminal 1 to identify the transmissiontime of the initial message on receipt of the reply message. Forexample, on transmission, the first terminal 1 stores a messageidentifier with the transmission time t_(1T) and sends the messageidentifier to the second terminal. The second terminal 2 inserts themessage identifier into the reply message and returns this to the firstterminal 1 along with the time of arrival t_(2R) and reply message timeof transmission t_(2T) information. On receipt of the reply message, thefirst terminal 1 looks up the transmission time t_(1T) corresponding tothe message identifier.

As a further alternative, the message sent by the first terminal 1 is awake-up message to the second terminal 2. The transmission time t_(1T)is stored at the first terminal together with an identifier for thesecond terminal 2. In this case, the identifier of the terminal 2 fromwhich a reply message is received is used to look up the initialtransmission time.

The first terminal 1 now has the following information: t_(1T), t_(2R),t_(2T) and t_(1R). The total time taken for a response to a messagetransmitted from the first terminal 1 to be received at the firstterminal 1 is given by the equation:T _(Total) =T ₁₂ +T _((2R/T)) +T ₂₁  (Equation 1)

-   -   where:    -   T₁₂ is the time of flight for a message initiated at the first        user terminal to travel to the second user terminal,    -   T_((2R/T)) is the internal transit time interval between a        message being received at the second terminal and a reply being        transmitted from the second terminal; and    -   T₂₁ is the time of flight for a message initiated at the second        user terminal to travel to the first user terminal.

However, on the assumption that the time of flight is the same in bothdirections, then T₁₂=T₂₁. Similarly, the first terminal 1 can calculatethe message transit time T_(2/RT) within the second terminal 2 ast_(2T)−t_(2R), so that equation 1 given above reduces to:T _(total)=2T ₁₂+(t _(2T) −t _(2R))  (Equation 2)

Now, rewriting equation 2 to determine the time of flight, T₁₂,produces: $\begin{matrix}{T_{12} = \frac{T_{total} - \left( {t_{2T} - t_{2R}} \right)}{2}} & \left( {{Equation}\quad 3} \right)\end{matrix}$

T_(total) is also given by the time interval between the time at whichthe reply message from the second terminal was received at the firstterminal and the time at which the initial message was transmitted bythe first terminal, i.e. t_(1R)−t_(1T), so that equation 3 becomes:$\begin{matrix}{T_{12} = \frac{\left( {t_{1R} - t_{1T}} \right) - \left( {t_{2T} - t_{2R}} \right)}{2}} & \left( {{Equation}\quad 4} \right)\end{matrix}$

The offset between the transmit and receive clocks is given by thedifference between the time at which the initial message was received atthe second terminal (t_(2R)), which is expressed in the time units ofthe second terminal's clock 5 b, and the time at which it would havebeen received if the second clock 5 b were using the time reference ofthe first terminal's clock 5 a, which is the transmission time t_(1T)plus the time of flight i.e. t_(1T)+T₁₂. Therefore, the offset is givenby:Offset=t _(2R)−(t _(1T) +T ₁₂)  (Equation 5)

Referring to FIG. 4, a specific example is given in which it is assumedthat the first terminal 1 transmits a message to the second terminal 2at local time t_(1T)=7. This is received at the second terminal 2 atlocal time t_(2R)=1005. There is a time gap of 3 time units untiltransmission of the reply message at t_(2T)=1008, the reply messageincluding t_(1T), t_(2R) and t_(2T). The first terminal 1 receives thereply message at local time t_(1R)=12.

Therefore, using equation 4 given above:$T_{12} = \frac{\left( {12 - 7} \right) - \left( {1008 - 1005} \right)}{2}$

-   -   giving T₁₂=1.

The offset is calculated using equation 5 given above, so that:Offset=1005−(7+1)

-   -   giving Offset =997.

Referring to FIGS. 3 and 4, when the first terminal 1 wishes to transmitdata to the second terminal 2, it can use a modified form of equation 5:t _(2RE) =t _(1TS)+time of flight+Offset  (Equation 6)

-   -   where:    -   t_(2RE) is the expected time at which the data will be received        at the second terminal 2; and    -   t_(1TS) is the time at which the data is scheduled to be        transmitted from the first terminal 1.

Referring again to FIG. 3, for a message to be sent at a scheduledtransmission time t_(1TS), the first terminal therefore calculates theexpected arrival time t_(2RE) at the second terminal 2 by adding thepreviously calculated Offset and time of flight to the scheduledtransmission time t_(1TS) (step s6).

The message to be sent is then encrypted using the expected arrival time(step s7), the message is transmitted at the scheduled transmission time(step s8) and is received by the second terminal 2 (step s9) at anactual arrival time which is the same as the expected arrival time. Theactual time of arrival (TOA) is recorded (step s10) and used to decryptthe message (step s11).

The encryption/decryption can be done in numerous ways. For example, thedata to be transmitted is multiplied by the expected arrival time,transmitted and then divided by the actual arrival time at the receivingend. However, any technique could be used which results in the databeing amended in some way depending on the relative difference betweenthe internal clocks, including summation, using a look-up table or anyother technique for manipulating data.

For example, referring again to FIG. 4, assuming the first terminal 1wishes to send data at local time t=20, it can calculate (using equation6) that the expected time of arrival at the second terminal 2 is:t _(2RE)=20+1+997i.e. t_(2RE)=1018.

Therefore assuming a data packet of 101010101010, multiplication by 1018(1111111010) results in a message packet of 1010100110100000000100. Onreceipt of this packet at an actual receipt time of 1018, division bythis time recovers the original data packet.

In the absence of information as to the clock reading on receipt, noother receiver can successfully decode this information. Since thetransmitter and receiver clocks 5 a, 5 b are constantly moving, themultiplying factor, which can be considered as an encryption key, ischanged every time the transmission time of a data packet changes,providing a further enhancement in security.

In the arrangement described, the receiving terminal 2 does not havesufficient information to be able to encrypt data for transmission tothe first terminal 1. To do this, it needs to send a message to thefirst terminal 1 and wait for a reply, by analogy with the reverseprocess described above.

The system according to the invention can be used to send voice or datasecurely. An exchange of messages between two terminals is all that isrequired to set up a secure channel, so that the system could allowsecure. transmission over walkie-talkies, phone-to-phone SMS messagingand so on. The system could also used as a simple initial encryptionmethod for exchanging encryption keys. Subsequent messages encryptedusing the encryption keys can be sent on the communication channel inthe usual way or can use the system of the invention as a second levelof encryption. The system has scope for application in anycommunications environment in which regular changes to encryption aredesirable while it would be inconvenient to provide a physical transferof keys to the remote receiving location.

While the invention has been described primarily in relation to wirelessmobile communication terminals, it is also applicable to fixed wirelessor wired terminals.

From reading the present disclosure, other variations and modificationswill be apparent to persons skilled in the art. Such variations andmodifications may involve equivalent and other features which arealready known in the field of encryption and telecommunications andwhich may be used instead of or in addition to features alreadydescribed herein. While the encryption method is primarily described asbeing implemented in software, it may alternatively be implemented in ahardware encryption module.

1. A method of encrypting data for transmission between first and secondcommunication terminals, the method comprising the steps of: determininginformation relating to a time at which a message sent from the firstterminal is expected to arrive at the second terminal; and encryptingthe data at the first terminal using the determined information.
 2. Amethod according to claim 1, further comprising determining a time offlight for a message sent from one of the first terminal and the secondterminal to the other of said terminals.
 3. A method according to claim2, wherein the first and second terminals have first and second internalclocks respectively, each of which generates a sequence of valuescorresponding to a time sequence, further comprising the step ofdetermining an offset value defining a difference between the sequencesof the first and second clocks.
 4. A method according to claim 3,wherein the step of determining the estimated time of arrival comprisesadding the offset value and the time of flight to a sequence value forthe first clock representing the time at which the first message is tobe transmitted.
 5. A method according to claim 1, wherein the step ofdetermining information relating to a time at which the secondcommunication terminal will receive a message sent from the firstcommunication terminal further includes the steps of: transmitting afirst message from the first communication terminal to the secondcommunication terminal; receiving a reply message from the secondcommunication terminal, the reply message including information relatingto the receipt time of the first message at the second terminal andinformation relating to a transmission time of the reply message; anddetermining the time of receipt of the reply message at the firstcommunication terminal.
 6. A method according to claim 5, furthercomprising including the transmission time of the first message with thefirst message and returning the transmission time of the first messagewith the reply message.
 7. A method according to claim 5, includingstoring the transmission time of the first message at the first terminaland retrieving the transmission time on receipt of the reply message. 8.A method according to claim 5, wherein the first and secondcommunication terminals include first and second internal clocksrespectively, and the step of determining information relating to thetime of receipt comprises determining a value relating to the state ofthe second internal clock at the time of receipt.
 9. A method accordingto claim 1, comprising encrypting the data by combining the determinedinformation with the data.
 10. A method according to claim 9, whereinthe step of combining the information with the data comprises performinga multiplication operation where a data packet is the multiplicand andthe information is the multiplier.
 11. A method according to claim 9,wherein the information comprises a value representing the time at whichthe message is expected to arrive at the second terminal.
 12. A methodof decrypting encrypted data received from a first communicationterminal at a second communication terminal, in which the data has beenencrypted at the first terminal using information relating to a time atwhich the data is expected to be received at the second terminal,comprising the steps of: receiving the encrypted data at the secondterminal; determining information relating to the time of receipt of theencrypted data; and using the determined information to decrypt theencrypted data.
 13. A method according to claim 12, wherein the firstand second terminals include first and second internal clocksrespectively, and the step of determining information relating to thetime of receipt of the encrypted data comprises determining a valuerelating to the state of the second internal clock at the time ofreceipt.
 14. A method according to claim 13, wherein the step of usingthe determined information to decrypt the encrypted data comprisescombining the data with the clock related value.
 15. A method accordingto claim 14, wherein the step of combining the data with the clockrelated value comprises dividing a value representing an encrypted datapacket by the clock related value.
 16. A method of setting up a securechannel between first and second communication terminals in acommunication system, the method comprising the steps of: receiving afirst message sent from the first terminal at the second terminal; andtransmitting a second message from the second terminal to the firstterminal, the second message including information relating to the timeof arrival of the first message at the second terminal and the time oftransmission of the second message from the second terminal to the firstterminal.
 17. A method according to claim 16, further comprising thestep of determining information relating to the time of transmission ofthe first message from the first terminal.
 18. A method according toclaim 17, wherein the information relating to the time of transmissionis included in the first and second messages.
 19. A method according toclaim 17, wherein the step of determining information relating to thetime of transmission of the first message comprises storing theinformation at the first terminal on transmission of the first messageand retrieving the information from the first terminal on receipt of thesecond message.
 20. A method according to claim 16, further comprisingthe step of receiving the second message at the first terminal anddetermining information relating to the time of receipt of the secondmessage.
 21. A communication system in which data is to be encrypted fortransmission between first and second communication terminals, thesystem comprising: means for determining information relating to a timeat which a message sent from the first terminal is expected to arrive atthe second terminal; and means for encrypting the data at the firstterminal using the determined information.
 22. A system according toclaim 21, wherein the determining means include: means for transmittinga first message from the first communication terminal to the secondcommunication terminal; means for receiving the first message at thesecond communication terminal and determining a time of receipt; meansfor transmitting a reply message from the second communication terminalto the first communication terminal, the reply message includinginformation relating to the receipt time of the first message at thesecond terminal and information relating to a transmission time of thereply message from the second terminal; and means for receiving thereply message at the first communication terminal.
 23. A systemaccording to claim 22, wherein the first message transmitting meansincludes means for including the transmission time of the first messagewith the first message and the means for transmitting a reply messagefrom the second terminal includes means for including the transmissiontime of the first message with the reply message.
 24. A system accordingto claim 22, further comprising means for storing the transmission timeof the first message at the first terminal and means for retrieving thetransmission time of the first message on receipt of the reply message.25. A system according to claim 21, wherein the first terminal includesmeans for transmitting the encrypted data to the second terminal.
 26. Asystem according to claim 21, wherein the first and second terminalshave first and second internal clocks respectively, each of whichgenerates a sequence of values corresponding to a time sequence.
 27. Asystem according to claim 26, including means for determining an offsetvalue defining a difference between the sequences of the first andsecond clocks.
 28. A system according to claim 27, including means fordetermining a propagation delay between transmission of the message bythe first communication terminal and its receipt by the secondcommunication terminal.
 29. A transmitter configured to transmitencrypted data to a receiver, the transmitter comprising: means fordetermining information relating to a time at which a message sent fromthe transmitter is expected to arrive at the receiver; means forencrypting the data at the transmitter using the determined information.30. A transmitter according to claim 29, further comprising means forincluding information relating to a transmission time of a message intothe message to be transmitted.
 31. A transmitter according to claim 29,further comprising means for storing information relating to atransmission time of a message.
 32. A transmitter according to claim 31,further comprising means for retrieving the information relating to thetransmission time of the message on receipt of the reply message.
 33. Areceiver configured to decrypt data sent from a transmitter, wherein thedata is encrypted using information relating to a time at which amessage sent from the transmitter is expected to arrive at the receiver,the receiver comprising: means for receiving the encrypted data; meansfor determining a time of arrival of the encrypted data; and means fordecrypting the encrypted data using the determined information.
 34. Acomputer program, which when run on a processor, is configured to carryout the method of claim 1.